Salesforce Files Connect Implementation Guide

Salesforce Files Connect Implementation Guide

Salesforce Files Connect Implementation Guide Salesforce, Spring ’18 @salesforcedocs Last updated: February 1, 2018

Salesforce Files Connect Implementation Guide

Copyright 2000–2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners.

CONTENTS FILES CONNECT FOR ADMINISTRATORS ___ 1
The Files Connect Setup Process ___ 1
Enable Salesforce Files Connect for Your Organization ___ 2
Let Users and Administrators Access Files Connect Data Sources ___ 3
Create an Authentication Provider for Box ___ 4
Define an External Data Source for Box ___ 5
Create an Authentication Provider for Google Drive ___ 6
Define an External Data Source for Google Drive ___ 7
Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method ___ 8
Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method ___ 10
Define an External Data Source for SharePoint Online or OneDrive for Business ___ 13
Set Up a Secure Agent for SharePoint 2010 or 2013 ___ 14
Ensure Access with Secure Agent Clusters ___ 19
Define an External Data Source for SharePoint 2010 or 2013 ___ 20
Include a Files Connect Data Source in Global Search ___ 21
Include SharePoint Custom Properties in Search, SOQL, and SOSL Queries ___ 25
FILES CONNECT FOR USERS ___ 27
Set Up Authentication to an External Data Source ___ 27
Manage Your Files Connect External Data Source Authentication Credentials ___ 28
Access and Share Files Connect External Files ___ 29
Search for Files Connect External Files .

FILES CONNECT FOR ADMINISTRATORS The Files Connect Setup Process EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions The setup process for Files Connect differs for cloud-based and on-premises external data sources. Files Connect for on-premises external data sources is available only to customers who have the paid permission set license. This license is no longer available for purchase. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

First, enable Files Connect, and let users access related external data sources 1. Enable Salesforce Files Connect for Your Organization. 2. Let Users and Administrators Access Files Connect Data Sources. For cloud-based data sources, create an authentication provider, and then define the source If you use Google Drive: 1. Create an Authentication Provider for Google Drive. 2. Define an External Data Source for Google Drive. If you use Quip: 1. Set up a Quip Auth. Provider. 2. Configure OAuth for Quip. 3. Add an External Data Source. If you use Microsoft’s cloud systems: 1. Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method).

2. Define an External Data Source for SharePoint Online or OneDrive for Business. If you use Box: 1. Create an Authentication Provider for Box. 2. Define an External Data Source for Box. 1

For on-premises data sources, set up a Secure Agent, and then define the source Note: This process is available only to customers who have the paid permission set license, “Files Connect for on-premises external data sources.” This license is no longer available for purchase. 1. Set Up a Secure Agent for SharePoint 2010 or 2013 on a Linux or Windows server to securely connect Salesforce to data stored behind your firewall. 2. Define an External Data Source for SharePoint 2010 or 2013. Include the external data in global search To let users access external data in global Salesforce searches, you’ll need to create an external object and give users access to its fields.

This is an optional step, but highly recommended to best integrate external data with Salesforce.

For per-user data sources, have users authenticate in Salesforce If you specified per-user authentication for a data source and exposed it through profiles or permission sets, ask authorized users to provide their data source credentials. Start accessing, sharing, and searching external files! Now users can access and share external files via the Files tab and feed, and search for them right alongside their Salesforce content. Enable Salesforce Files Connect for Your Organization EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To enable Salesforce Files Connect:
  • Customize Application Let users search and share files from external systems like Google Drive and SharePoint. 1. From Setup, enter Files Connect in the Quick Find box, then select Files Connect under Settings.
  • 2. Click Edit, and then select Enable Files Connect. 3. For File Sharing, select one of the following:
  • Copy stores a copy of external files in Salesforce. If files are shared with a Chatter group, all group members can access the files, even if they lack access to the external system.
  • Reference points to external files stored outside Salesforce. No file previews are available, andfiledownloadsrequireuseraccesstotheexternalsystem.(Usersmustentercredent ials forthesystemintheAuthenticationSettingsforExternalSystemssectionofpersonals etup). Tip: Choose the Copy mode if your organization shares files with external customers or partners. Choose the Reference mode to reflect access restrictions from the external system in Salesforce.

Regardlessofsharingmode,filesinSalesforcedon’treflectfilerevisionsinexterna lsystems.However, Reference mode points to the latest versions in those systems. 2 Enable Salesforce Files Connect for Your Organization Files Connect for Administrators

Let Users and Administrators Access Files Connect Data Sources EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To set permissions:
  • Customize Application To use Files Connect for on-premises external data sources:
  • API Enabled After you enable Files Connect, give users and administrators permission to access specific external data sources from Salesforce.

Tip: Thoughyoucanprovideaccesstodatasourcesviapermissionsetsorprofiles,permissio n sets let you more quickly adjust access for several types of users. Regardless of which method you choose, be sure to give administrators access so they can configure data sources. 1. FromSetup,enter Permission Sets inthe Quick Find box,thenselectPermission Sets or enter Profiles in the Quick Find box, then select Profiles. 2. Create a new permission set or profile, or click an existing one. If you use a permission set, User License must be set to the default option, “None.” 3. For a permission set, click System Permissions, then click Edit.

  • For a profile, click Edit, and scroll down to the Administrative Permissions section. 4. Do either of the following, and then click Save.
  • To access cloud-based data sources like SharePoint Online, select Files Connect Cloud.
  • To access on-premises data sources like SharePoint 2010 or 2013, select Files Connect On-premises. Note: The on-premises permission is available with a paid permission set license, “Files Connect for on-premises external data sources.” To enable Files Connect on-premises for a user: a. Assign the Files Connect license to the user. b. Create a permission set and add the “Files Connect On-premises” permission to it. c. Assign the permission set to the user.
  • 5. For a permission set, click Manage Assignments in the toolbar at the top of the page. Then click Add Assignments, select users for the permission set, and click Assign. Important: Include any administrators who need to configure external data sources. 6. If you haven’t already, define the external data sources for your organization:
  • Define an External Data Source for SharePoint Online or OneDrive for Business
  • Define an External Data Source for SharePoint 2010 or 2013
  • Define an External Data Source for Google Drive
  • Define an External Data Source for Box
  • Define an External Data Source for Quip Note: If you select an identity type of Named Principal for the data source, skip the following steps. But if you select Per User, read on.
  • 7. In Setup, return to the detail page for the permission set or profile. Then do either of the following:
  • For a permission set, in the Apps section, click External Data Source Access.
  • For a profile, go to the Enabled External Data Source Access related list. 3 Let Users and Administrators Access Files Connect Data Sources Files Connect for Administrators
8. Click Edit, add specific data sources to the Enabled External Data Sources list, and click Save. (Users enter their credentials when they first access external data sources, or from their personal settings on theAuthentication Settings for External Systems page.) Create an Authentication Provider for Box EDITIONS Available in: Salesforce Classic Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers:
  • Customize Application AND Manage Auth. Providers TouseBoxasanexternaldatasource,youmustcreateanauthenticationproviderforitin Salesforce. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.
  • Create an Authentication Provider in Salesforce 1. InSetup,enter Auth. Providers inthe Quick Find box,thenselectAuth.Providers. 2. Click New. 3. For Provider Type, select OpenID Connect, and then set the following options:
  • Name—Enter the name you want to appear in Salesforce.
  • URL Suffix—Enter a suffix you want to appear at the end of the URL path. By default, the suffix reflects the Name entry.
  • Consumer Key—Enter any placeholder value. You will fill this in after you create the Box application in Step 5.
  • Consumer Secret—Enter any placeholder value. You will fill this in after you create the Box application in Step 5.
  • Authorize Endpoint URL—Enter https://account.box.com/api/oauth2/authorize
  • Token Endpoint URL— Enter https://api.box.com/oauth2/token
  • User Info Endpoint URL— Leave empty.
  • Default Scopes—Leave empty. 4. Click Save. Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. (You’ll use this when creating the Box application.) 5. Create a Box application. Then return to step 6. 6. When you have created the Box application, edit the Salesforce Auth Provider and replace the following values with those from the Box app.
  • Consumer.Key: the Box client_id.
  • Consumer.Secret: the Box client_secret. 7. Click Save. Your Box authentication provider is now ready to be used. Create a Box Application 1. Using the credentials of your Box admin account, log in to https://app.box.com/developers/services. 2. Click Create a Box Application. 4 Create an Authentication Provider for Box Files Connect for Administrators
3. Enter a project name, select Box content, and click Create Application. 4. Click Configure your application. 5. In the redirect_uri field, paste the Salesforce callback URL specified in the OAuth2 specification. 6. Copy the client_id and client_secret values to a text file. Enter these values at step 6 of Create an Authentication Provider in Salesforce. Define an External Data Source for Box EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source:
  • Customize Application Let users access their Box content from Files home, feed posts, and search. 1. FromSetupinSalesforceClassic,enter External Data Sources inthe Quick Find box, then select External Data Sources.

2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Name Choose Files Connect: Box Type The identity type used to authenticate to the external data source.

SelectPerUsertorequireseparatecredentials for each user who accesses the data source.

Identity Type (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source.) The protocol used to access Box. Select OAuth 2.0. Authentication Protocol Enter the Box Authentication Provider. Authentication Provider Leave blank. Scope Selecttoimmediatelytestthesettingsabove. Start Authentication Flow on Save 5 Define an External Data Source for Box Files Connect for Administrators

Create an Authentication Provider for Google Drive EDITIONS Available in: Salesforce Classic Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers:
  • Customize Application AND Manage Auth. Providers To use Google Drive as an external data source, you must create an authentication provider for it in Salesforce. The process begins with creating a related project in the Google Developers console. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

Create a Project in the Google Developers Console 1. Using the credentials of your Google App for Work admin account, log in to https://console.cloud.google.com. 2. In the title bar, expand Go to Project and click Create Project. 3. Enter a project name, and click Create. 4. In the project dashboard, click the menu icon in the top left, then click API Manager. 5. In the API manager, go to the Google APIs tab and search for Google Drive API. 6. Click Google Drive API in the search results, then click Enable API. 7. Click Credentials, located in the left-hand menu. 8. In the OAuth Consent Screen tab, enter a valid email address and product name.

Then click Save.

9. In the Credentials tab, click Add credentials and select OAuth client ID. 10. Select Web application and click Create. 11. CopytheclientIDandclientsecretvaluestoatextfile.You’llusethesevalueswhencre atinganauthenticationproviderinSalesforce. Create an Authentication Provider in Salesforce 1. In Setup, enter Auth. Providers in the Quick Find box, then select Auth. Providers. 2. Click New. 3. For Provider Type, select OpenID Connect, and then set the following options:
  • Name—Enter the name you want to appear in Salesforce.
  • URL Suffix—Enter the suffix at the end of the URL path. For example, in the path, https://login.salesforce.com/services/authcallback/00Dx00000000001/MyGoogle Provider, the suffix is “MyGoogleProvider”
  • Consumer Key—Enter the client ID you copied when creating the Google project.
  • Consumer Secret—Enter the client secret you copied when creating the Google project.
  • Authorize Endpoint URL—Enter https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prom pt=force
  • Token Endpoint URL— Enter https://accounts.google.com/o/oauth2/token
  • Default Scopes—Enter openid email profile https://www.googleapis.com/auth/drive 4. Click Save. Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. (You’ll use this when editing the Google project.) 6 Create an Authentication Provider for Google Drive Files Connect for Administrators
Edit the Project in the Google Developer Console 1. In the API Manager, click Credentials, located in the left-hand menu. 2. Click on the previously created Web application. 3. In the Authorized Redirect URIs section, add the Callback URL you copied when creating the authentication provider in Salesforce. 4. Click Save. Define an External Data Source for Google Drive EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source:
  • Customize Application Let Chatter users access their Google Drive content from the Files tab, feed posts, and search. Salesforce supports Google documents, spreadsheets, presentations, and drawings. 1. From Setup, enter External Data Sources in the Quick Find box, then select External Data Sources.

2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Name Choose Files Connect: Google Drive Type The identity type used to authenticate to the external data source.

SelectPerUsertorequireseparatecredentials for each user who accesses the data source.

Identity Type (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source..) Select Named Principal to use the same set of credentials for every user who accesses the data source from Salesforce. The protocol used to access Google Drive. Select OAuth 2.0. Authentication Protocol Enter the Google Drive authentication provider. Authentication Provider 7 Define an External Data Source for Google Drive Files Connect for Administrators

Description Field Leave blank. Scope Select to immediately test the settings above. Start Authentication Flow on Save Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method) EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers:
  • Customize Application AND Manage Auth. Providers To use one of Microsoft’s cloud-based external data sources, you must create an authentication provider for it in Salesforce and register that provider in a Microsoft Azure web application. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

To fully configure an authentication provider, complete these steps. 1. Create an Authentication Provider Using Placeholder Values 2. Register a Web Application in the Azure Management Console Note: If you do not have access to the Azure Management Console, or you need to authenticate to OneDrive for Business, follow these instructions to register your app in Office 365: Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method). 3. Configure the Authentication Provider in Salesforce Create an Authentication Provider Using Placeholder Values The authentication provider provides the redirect URI you need to register your app.

1. In Setup, enter Auth. Providers in the Quick Find box, then select Auth. Providers. 2. Click New.

  • 3. For Provider Type, select OpenID Connect, and then set the following options.
  • Name—Enter the name you want to appear in Salesforce.
  • URL Suffix—Enter a suffix you want to appear at the end of the URL path. By default, the suffix reflects the Name entry.
  • Consumer Key—Enter a placeholder value.
  • Consumer Secret—Enter a placeholder value.
  • Authorize Endpoint URL—Enter a placeholder that begins with https.
  • Token Endpoint URL—Enter a placeholder that begins with https.
  • Default Scopes—Leave empty.

4. Click Save.

Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. 8 Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method) Files Connect for Administrators

Register a Web Application in the Azure Management Console 1. Log in to Azure at https://manage.windowsazure.com/. (If you have any trouble, connect to Azure with your browser in “incognito” mode.) 2. In the left navigation panel, select Active Directory. 3. Select your active directory. 4. On the Active Directory page, select Applications from the header menu. 5. Click Add in the footer menu. 6. Choose Add an application my organization is developing. 7. Enter a name for your app, and choose Web Application and/or Web API. Click the arrow. 8. On the App Propertiesscreen, enter:
  • Sign-on URL—Enter a URL. (You can change this value later.)
  • App ID URI—Enter a unique URI. (You can change this value later.) 9. Click the checkmark to complete.

10. Once the app is created, click Configure from the header menu. 11. Copy the Client ID to a text file—you need this ID to configure the auth provider in Salesforce. 12. Create a key with a duration of 1 year or 2 years. (You’ll see the key value after you save.) 13. Update Reply URL with the callback URL that you copied from your Salesforce Authentication Provider. 14. Remove any existing application permissions. 15. Click Add application and add Office 365 Sharepoint Online. 16. Click Delegated Permissions, and then click the arrow to add the delegated permissions you want. 17. Click Save from the footer menu.

  • 18. Copy the displayed key value to your text file. Configure the Authentication Provider in Salesforce In Salesforce, replace the original placeholder values with the correct ones from the Azure app. 1. In Setup, enter Auth. Providers in the Quick Find box, then select Auth. Providers. 2. Click Edit next to the authentication provider you created previously. 3. Change the following values.
  • Consumer Key—Enter the Client Id you copied to a text file.
  • Consumer Secret—Enter the key you copied to a text file.
  • Authorize Endpoint URL—Enter the URL as follows: https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent& resource=https%3A%2F%2FYOUR_TENANT.sharepoint.com%2F
  • Token Endpoint URL—Enter the URL as follows: https://login.microsoftonline.com/common/oauth2/token 9 Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method) Files Connect for Administrators
SharePoint Online example https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent& resource=https%3A%2F%2Fcontenthubblitz.sharepoint.com%2F 4. Click Save. Your authentication provider is now ready for use. Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method) EDITIONS Available in: Salesforce Classic Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers:
  • Customize Application AND Manage Auth. Providers To use one of Microsoft’s cloud-based external data sources, you must create an authentication provider for it in Salesforce and register that provider in an Office 365 app. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

To fully configure an authentication provider, complete these steps. 1. Create an Authentication Provider Using Placeholder Values 2. Register an Office 365 App Note: If you have access to the Azure Management Console, you can register your provider using Azure: Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method) on page 8 3. Edit the Authentication Provider in Salesforce Create an Authentication Provider Using Placeholder Values 1. InSetup,enter Auth. Providers inthe Quick Find box,thenselectAuth.Providers. 2. Click New.

  • 3. For Provider Type, select Microsoft Access Control Service, and then set the following options.
  • Name—Enter the name you want to appear in Salesforce.
  • URL Suffix—Enter a suffix you want to appear at the end of the URL path. By default, the suffix reflects the Name entry.
  • Consumer Key—Enter a placeholder value.
  • Consumer Secret—Enter a placeholder value.
  • Authorize Endpoint URL—Enter a placeholder that begins with https.
  • Token Endpoint URL—Enter a placeholder that begins with https.
  • Default Scopes—Leave empty.

4. Click Save. Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. (You use this when registering an Office 365 app.) Register an Office 365 App 1. Log in to your Office365 account as an administrator, and go to one of the following URLs. 10 Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method) Files Connect for Administrators

  • SharePoint Online https://your company name.sharepoint.com/site collection path/_layouts/15/appregnew.aspx OneDrive for Business https://your company name-my.sharepoint.com/_layouts/15/appregnew.aspx 2. Set the following options.
  • Client Id—Click Generate, and copy the generated value to a text file.
  • Client Secret—Click Generate, and copy the generated value to a text file.
  • Title—Enter a name for the app.
  • App Domain—Enter the domain name of your Salesforce org.
  • Redirect URL— Enter the Callback URL you copied when creating the Authentication Provider in Salesforce. 3. Click Create.
  • Now you configure the newly created app to access SharePoint resources. 4. Go to one of the following URLs. SharePoint Online https://your company name.sharepoint.com/site collection path/_layouts/15/appinv.aspx OneDrive for Business https://your company name-my.sharepoint.com/_layouts/15/appinv.aspx 5. Set the following options.
  • App Id—Enter the Client Id you copied to a text file, then click Lookup.
  • Title—Keep the default value.
  • App Domain—Keep the default value.
  • Redirect URL—Keep the default value.
  • Permission Request XML—Enter a string with this format. SharePoint Online OneDrive for Business 6. For SharePoint Online, replace [SCOPE] with one of these values. Important: Office 365 recognizes only these scope URLs; copy them exactly, without changes.
  • http://sharepoint/content/sitecollection/web to let users access a single site (but not its subsites). 11 Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method) Files Connect for Administrators
  • http://sharepoint/content/sitecollection to let users access a single site collection (including all subsites).
  • http://sharepoint/content/tenant to let users access all site collections. 7. Replace [PLACEHOLDER] with one of these values:
  • Read
  • Write
  • Manage
  • Full Control For details about the differences between permission levels above, see the Microsoft website. 8. Click Create. Edit the Authentication Provider in Salesforce In Salesforce, replace the original placeholder values with the correct ones from the Office 365 app. 1. In Setup, enter Auth. Providers in the Quick Find box, then select Auth. Providers. 2. Click Edit next to the authentication provider you created previously. 3. Change the following values:
  • Consumer Key—Enter the Client Id you copied to a text file.
  • Consumer Secret—Enter the Client Secret you copied to a text file.
  • Authorize Endpoint URL—Enter the URL of the OAuthAuthorize.aspx page in Office 365. The URL format is as follows. SharePoint Online https://your company name.sharepoint.com/site collection path/_layouts/15/OauthAuthorize.aspx OneDrive for Business https://your company name-my.sharepoint.com/_layouts/15/OauthAuthorize.aspx
  • Token Endpoint URL— Enter a URL in the following format. SharePoint Online https://accounts.accesscontrol.windows.net/your company name.onmicrosoft.com/tokens/OAuth/2?resource=00000003-0000-0ff1-ce00-000000 000000/your company namesharepoint.com@your company name.onmicrosoft.com OneDrive for Business https://accounts.accesscontrol.windows.net/your company name.onmicrosoft.com/tokens/OAuth/2?resource=00000003-0000-0ff1-ce00-000000 000000/your company name-my.sharepoint.com@your company name.onmicrosoft.com 4. Click Save. Your authentication provider is now ready for use. 12 Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method) Files Connect for Administrators
Define an External Data Source for SharePoint Online or OneDrive for Business EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source:
  • Customize Application WithFilesConnectandChatter,SalesforcecanaccesscontentfromMicrosoft’scloud-b asedsystems. 1. From Setup, enter External Data Sources in the Quick Find box, then select External Data Sources. 2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Name Choose Files Connect: Microsoft SharePoint Online or Files Connect: Microsoft OneDrive for Business. Type TheURLofyourSharePointsite,sitecollection, or web app.

Site URL Important: The URL must begin with https. It should look like this: https://salesforce.sharepoint .com/HRSite (Don’t copy the URL seen in the browser when accessing SharePoint. It should not look like this: https://salesforce.sharepoint. com/HRSite/SitePages /Home.aspx) Accesses only the site collection specified by the URL, ignoring any other site collections. Exclude Other Site Collections Thisshouldalwaysbeenabledifanyusersare currently allowed to access the root site collection. The identity type used to authenticate to the external data source.

SelectPerUsertorequireseparatecredentials for each user who accesses the data source.

Identity Type 13 Define an External Data Source for SharePoint Online or OneDrive for Business Files Connect for Administrators

Description Field (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source.) Select Named Principal to use the same set of credentials for every user who accesses the data source from Salesforce. The protocol used to access SharePoint Online. Select OAuth 2.0. Authentication Protocol Enter the SharePoint Online or OneDrive for Business authentication provider. Authentication Provider Leave blank. Scope Select to immediately test your settings or to create an external object for this external data source.

Start Authentication Flow on Save Set Up a Secure Agent for SharePoint 2010 or 2013 EDITIONS Available in: both Salesforce Classic and Lightning Experience Available for an extra cost in: Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To set up a Secure Agent:
  • Customize Application A Secure Agent provides secure communication between Salesforce and on-premises data in SharePoint 2010 or 2013. The Files Connect on-premises solution is available only to customers who already own the license.

Note: The Secure Agent setup process is available only to customers who have the paid permission set license, “Files Connect for on-premises external data sources.” This license is no longer available for purchase.

To fully configure a Secure Agent, complete these steps: 1. Create a Connected App for the Secure Agent 2. Create a Profile and User Specific to the Secure Agent 3. Create the Agent in Salesforce, and Download the Installer to Your Server 4. Install and Run the Agent on a Windows Server or a Linux Server 5. Install Secure Agent Plug-ins for Your On-premises Data Source 6. Update Previously Installed Plug-ins 7. Import Any Required Certificates 8. Track and Troubleshoot Secure Agent Activity Tip: For a visual walk-through, see this video tutorial of Secure Agent setup. Create a Connected App for the Secure Agent 1.

In Setup, enter Apps in the Quick Find box, then select Apps. 14 Set Up a Secure Agent for SharePoint 2010 or 2013 Files Connect for Administrators

2. In the Connected Apps section, click New. 3. In the Basic Information section, enter the following settings:
  • Connected App Name—Enter a distinctive name like “Secure Agent App.”
  • API Name—Leave the default value.
  • Contact Email—Enter your administrator’s address. 4. In the API section, select Enable OAuth Settings, and enter the following settings:
  • Callback URL—Enter https://login.salesforce.com for a production instance, or https://test.salesforce.com for a sandbox.
  • Use Digital Signatures—Deselect this option.
  • Selected OAuth Scopes—Add “Access and manage your data (api)” and “Perform requests on your behalf at any time (refresh_token, offline_access).” 5. Click Save. 6. In Setup, enter Connected Apps in the Quick Find box, then select the option for managing connected apps. 7. Next to the new app, click Edit, and then enter the following settings:
  • Permitted Users—Select “Admin approved users are pre-authorized.”
  • IP Relaxation—Select “Relax IP restrictions.” 8. Click Save.

Create a Profile and User Specific to the Secure Agent 1. In Setup, enter Profiles in the Quick Find box, then select Profiles. 2. Next to the Standard User profile, click Clone. 3. For Profile Name, enter a distinctive name like “Secure Agent profile.” 4. Click Save. 5. Next to the new profile, click Edit. 6. In the Connected App Access section, select the connected app you created for the agent. 7. In the Administrative Permissions section, select Modify Secure Agents. 8. Click Save. 9. In Setup, enter Users in the Quick Find box, then select Users. 10. Click New User.

11. For Profile, select the profile you created for the agent.

Then complete the remaining required fields, and click Save. Important: Be sure to deselect “Generate new password and notify user immediately.” Create the Agent in Salesforce, and Download the Installer to Your Server 1. In Setup, enter Secure Agents in the Quick Find box, then select Secure Agents. 2. Click New Secure Agent. 3. Enter a Label for the user interface and Name for the API. 15 Set Up a Secure Agent for SharePoint 2010 or 2013 Files Connect for Administrators

Note: Choose the label carefully, because you can't change it. Salesforce relies on a consistent label to remain connected to the agent. 4. For Proxy User, enter the user you created for the Secure Agent. 5. Click Save. 6. On the details page, click Download Installer, and then choose Linux Agent or Windows Agent. 7. In Setup, enter Apps in the Quick Find box, then select Apps, and click the name of the connected app you created. Then, in the API section, copy the Consumer Key value to a text file.

8. To your server, copy the text file and the downloaded installer file (sfdc-agent.zip for Windows, or sfdc-agent.run for Linux).

Important: MakesuretheservercanaccessbothSalesforceandyouron-premisesdatasource,andhas Java6.xor7.xinstalled. Install and Run the Agent on a Windows Server 1. Extract the files in sfdc-agent.zip. Then double-click SecureAgentInstaller.exe 2. Click Next, and enter an installation folder. Click Next again, and finish initial installation. 3. When the configuration window appears, enter proxy settings used to connect to Salesforce. Tip: To change proxy settings after installation (due to a new password for example), enter the agent:proxyconfig command in the agent interface.

4. For Login Server Type, choose Production or Sandbox. Tip: To later change this and following configuration settings, you must uninstall and reinstall the agent. 5. For Oauth Client Key, enter the Consumer Key value you copied to the text file. 6. For Encryption Settings, select one of the following:
  • Generatetorandomlygeneratea1,024-bitpublic/privatekeypair.SeetheRe-useexist ingcertificatesettingifyouneedanother key size. Then note the displayed path to the generated *.509 certificate file. You reference this path in the Salesforce connected app.
  • Re-use existing keystore to reuse a key pair from a previous agent installation. The keystore is in this location: [agent installation folder]\etc\auth.jks. Note: If you select an existing keystore, skip to step 10.
  • Re-use existing certificate to select your own certificate and private key. This option enables you to use a different key size. Contact Salesforce for more information. 7. In Salesforce, from Setup, enter Apps in the Quick Find box, then select Apps. 8. Click Edit next to the connect app, and select Use Digital Signatures. 9. Click Choose File, and select the *.509 certificate. Then click Save. 10. Return to the agent installer, and click Next to complete the installation. 11. Click Install Agent as Service to start the “Salesforce Secure Agent” service on your server. Tip: To access services in Windows, choose Start > Administrative Tools > Services. 16 Set Up a Secure Agent for SharePoint 2010 or 2013 Files Connect for Administrators
Install and Run the Agent on a Linux Server 1. Run the installer using one of these commands:
  • Production instance: ./sfdc-agent.run
  • Sandbox instance: ./sfdc-agent.run -l https://test.salesforce.com
  • Production instance with your own public/private key pair: ./sfdc-agent.run –l https://login.salesforce.com -p [private key filename].PKCS8 -f [public key filename].X509
  • Production instance with a keystore generated during a previous installation: ./sfdc-agent.run –l https://login.salesforce.com -j [path to *.jks file] You’ll find the *.jks file here: [agent installation folder]/etc/auth.jks 2. Follow the on-screen instructions to enter an installation folder and proxy settings. Tip: To change proxy settings after installation, enter the agent:proxyconfig command in the agent interface. 3. When the installer prompts you for an Oauth Client Key, enter the Consumer Key value you copied to the text file. Note: If you specified a keystore generated during a previous installation, skip to step 8. 4. If prompted, generate a random 1,024-bit public/private key pair. Then note the displayed path to the generated *.509 certificate file. You reference this path in the Salesforce connected app.

Note: Contact Salesforce if you need to use a different key size. 5. In Salesforce, from Setup, enter Apps in the Quick Find box, then select Apps. 6. Click Edit next to the connect app, and select Use Digital Signatures. 7. Click Choose File, and select the *.509 certificate. Then click Save. 8. Return to the agent installer, and press Enter to complete the installation. 9. Start the agent with this command: [agent installation folder]/bin/start Install Secure Agent Plug-ins for Your On-premises Data Source To connect a Secure Agent to an external data source in Salesforce, you need to install the necessary plug-ins.

1. In Setup, enter Secure Agents in the Quick Find box, then select Secure Agents. 2. Click an agent name to access its details page.

3. In the Secure Agent Plugins list, click New. For SharePoint 2010 or 2013, you’ll need to install the following plug-ins:
  • Files Connect SharePoint 17 Set Up a Secure Agent for SharePoint 2010 or 2013 Files Connect for Administrators
  • Files Connect Remote Connector Service
  • Secure Transport Client Service 4. To install a plug-in, select it from the Type menu, enter a distinctive name, and click Save. Repeat the process for each required plug-in. Update Previously Installed Plug-ins When plug-in updates are available, administrators receive weekly email notifications. 1. In Setup, enter Secure Agents in the Quick Find box, then select Secure Agents. 2. In the Secure Agent Plugins list, if the Update Available column states “Yes,” click Edit for that plug-in. 3. Select Update to the recommended version on save, and click Save.

Import Any Required Certificates In the agent interface, you can press the TAB key to access a variety of commands. If your SharePoint server requires a self-signed certificate, or a certificated signed by an unofficial authority, you must use the rcs:importcert command. Then enter the path to import the self-signed certificate, or the root certificate of the authority, into the Secure Agent trust store. The rcs:listcert command lists all certificates currently in the trust store, while rcs:deletecert deletes the specified certificate from the store.

Track and Troubleshoot Secure Agent Activity Download log files to precisely monitor agent events. 1. In Setup, enter Secure Agents in the Quick Find box, then select Secure Agents. 2. Click the name of a previously created Secure Agent to open its detail page. 3. Click either of the following:
  • Download Logs to download a compressed .zip file containing text logs.
  • Download Diagnostics to see the current agent state, including the list of installed plug-ins and Java virtual machine status. 18 Set Up a Secure Agent for SharePoint 2010 or 2013 Files Connect for Administrators
Ensure Access with Secure Agent Clusters EDITIONS Available in: both Salesforce Classic and Lightning Experience Available for an extra cost in: Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To set up Secure Agent clusters:
  • Customize Application Secure Agent clusters provide failover protection, ensuring that Salesforce users can always access on-premises external data sources like SharePoint 2010 or 2013. Note: The Secure Agent setup process requires a paid permission set license, “Files Connect for on-premises external data sources.” This license is no longer available for purchase. Create the Secure Agent Cluster 1. Create multiple Secure Agents on different servers by repeating this process: Set Up a Secure Agent.

2. From Setup, enter Secure Agent Clusters in the Quick Find box, then select Secure Agent Clusters. 3. Click New Secure Agent Cluster. 4. Enter a Label for the user interface and Name for the API. 5. To add available agents to the cluster, select them, and click Add. ChangethepriorityorderinwhichagentsareusedbymovingthemupordownintheSelected Secure Agents list. The accessible agent with highest priority is used first. 6. Click Save. Check Cluster Status 1. From Setup, enter Secure Agent Clusters in the Quick Find box, then select Secure Agents Clusters. 2. Click a cluster name to access its details page.

3. Note the overall status for the cluster. Green indicates that all agents are accessible, yellow that some are, and red that none are. 4. Note the status of individual agents and these additional details:
  • The Priority column shows the order in which agents are used. To change priority, click Edit, and move agents up or down in the Selected Secure Agents list.
  • The Active column indicates which agent is currently in use. 19 Ensure Access with Secure Agent Clusters Files Connect for Administrators
Define an External Data Source for SharePoint 2010 or 2013 EDITIONS Available in: both Salesforce Classic and Lightning Experience Available for an extra cost in: Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source:
  • Customize Application Let Salesforce access data in your on-premises system. Files Connect and Chatter make it possible. The Files Connect on-premises solution is available only to customers who already own the license. Note: This setup process is available only to customers who have the paid permission set license,“FilesConnectforon-premisesexternaldatasources.”Thislicenseisnolong eravailable for purchase.

1. From Setup, enter External Data Sources in the Quick Find box, then select External Data Sources. 2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only Name underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Choose Files Connect: Microsoft SharePoint Type A service running on a Linux or Windows server on your intranet that lets you securely Secure Agent connect Salesforce to your on-premises SharePoint server.

See Set Up a Secure Agent for SharePoint 2010 or 2013.

TheURLofyourSharePointsite,sitecollection, or web app. Site URL Important: The URL must begin with https and end with the site name. (Don’t copy the URL seen in the browser when accessing SharePoint.) The identity type used to authenticate to the external data source. SelectPerUsertorequireseparatecredentials for each user who accesses the data source. Identity Type (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source.) 20 Define an External Data Source for SharePoint 2010 or 2013 Files Connect for Administrators

Description Field Select Named Principal to use the same set of credentials for every user who accesses the data source from Salesforce. The protocol required to access SharePoint. Select Password Authentication. Authentication Protocol (This option supports HTTP Basic and NTLM authentication.) The username Salesforce uses to test the connection to SharePoint.Youdon’tneedtoenteraSharePointadministrator’s Administration Username username. However, ensure that the credentials you use have adequateprivilegestoaccessthedatasource,performsearches, and return information.

The password Salesforce uses to test the connection to SharePoint. Administration Password Note: Salesforce users can’t access SharePoint 2010 if anonymous access is enabled for the web application. Include a Files Connect Data Source in Global Search EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create an external object and provide access to its fields:
  • Customize Application Combine searches for Salesforce data with external data from Google Drive, SharePoint, OneDrive for Business, or Box. Via the API, developers can automate the process with supported SOQL or SOSL queries.

To include external data in global searches or API queries, first create a related external object. External objects behave similarly to custom objects, but map to data stored outside Salesforce in an external system like SharePoint. Each external object maps to a data table, and the object fields map to accessible table columns. Tip: External objects support lookup relationships similar to custom objects, letting you integrate external data into related lists and other areas throughout Salesforce. For details, see External Object Relationships.

To fully configure global search, complete these steps: 1. Choose the Layout for Global Search Results 2. Create an External Object from an External Data Source 3. Give Users Access to the External Object Fields 4. Create a Custom Tab for the External Object (Lightning Experience Only) To automate search with SOQL or SOSL, review the supported queries for your data source:
  • SOQL and SOSL Support for SharePoint and OneDrive External Objects
  • SOQL and SOSL Support for Google Drive External Objects 21 Include a Files Connect Data Source in Global Search Files Connect for Administrators
Choose the Layout for Global Search Results By default, Files Connect external objects use the standard search results layout for Chatter and the Files tab. If you want to display customized search layouts for these objects, complete these quick steps. 1. From Setup, enter Files Connect Settings in the Quick Find box, then select Files Connect Settings. 2. Select Use External Object Search Layout. Create an External Object from an External Data Source 1. Define an external data source that supports search:
  • SharePoint Online or OneDrive for Business
  • SharePoint 2010 or 2013
  • Google Drive
  • Box 2. In Setup, enter External Data Sources in the Quick Find box, then select External Data Sources. 3. Click the data source name to access the details page.

4. Click Validate and Sync. Note: Note: If the Validate and Sync button is disabled, edit the Authentication Settings for External Systems to enable the Start Authentication Flow on Save checkbox. 5. Select the table named “items_[data source].” Then click Sync to create an external object that maps to the entire source. Now you deploy the object to make the data it contains available to users. 6. Choose Build > Develop > External Objects. 7. Click Edit next to the new external object. 8. At the bottom of the page, click Deployed, and then click Save. Give Users Access to the External Object Fields 1.

In Setup, enter Permission Sets in the Quick Find box, then select Permission Sets. 2. Click a permission set in which you enabled Files Connect. 3. In the Apps section, click Object Settings. 4. Click the name of the external object. 5. Click Edit, and enable the necessary Read permissions (for the object itself, and all fields you want to reveal in Salesforce). 6. Click Save.

Create a Custom Tab for the External Object (Lightning Experience Only) 1. In Setup, enter Tabs in the search bar, then select Tabs. 2. Click New in the Custom Object Tabs section. 3. In Step 1 of the setup wizard, enter the name of the custom object you created from your external data source. 22 Include a Files Connect Data Source in Global Search Files Connect for Administrators

Next part ... Cancel